Vulnerability-Lookup

CVE-2015-3187 (GCVE-0-2015-3187)

Vulnerability from cvelistv5 – Published: 2015-08-12 14:00 – Updated: 2024-08-06 05:39

Summary

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2015-1742.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2015-1633.html	vendor-advisoryx_refsource_REDHAT
	https://support.apple.com/HT206172	x_refsource_CONFIRM
	http://www.debian.org/security/2015/dsa-3331	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://subversion.apache.org/security/CVE-2015-31…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/76273	vdb-entryx_refsource_BID
	http://www.ubuntu.com/usn/USN-2721-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securitytracker.com/id/1033215	vdb-entryx_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	https://security.gentoo.org/glsa/201610-05	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:1742",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html"
          },
          {
            "name": "RHSA-2015:1633",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206172"
          },
          {
            "name": "DSA-3331",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3331"
          },
          {
            "name": "openSUSE-SU-2015:1401",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
          },
          {
            "name": "76273",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76273"
          },
          {
            "name": "USN-2721-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2721-1"
          },
          {
            "name": "1033215",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033215"
          },
          {
            "name": "APPLE-SA-2016-03-21-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html"
          },
          {
            "name": "GLSA-201610-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201610-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-30T16:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2015:1742",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html"
        },
        {
          "name": "RHSA-2015:1633",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT206172"
        },
        {
          "name": "DSA-3331",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3331"
        },
        {
          "name": "openSUSE-SU-2015:1401",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
        },
        {
          "name": "76273",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76273"
        },
        {
          "name": "USN-2721-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2721-1"
        },
        {
          "name": "1033215",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033215"
        },
        {
          "name": "APPLE-SA-2016-03-21-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html"
        },
        {
          "name": "GLSA-201610-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201610-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:1742",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html"
            },
            {
              "name": "RHSA-2015:1633",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
            },
            {
              "name": "https://support.apple.com/HT206172",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT206172"
            },
            {
              "name": "DSA-3331",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3331"
            },
            {
              "name": "openSUSE-SU-2015:1401",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
            },
            {
              "name": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt",
              "refsource": "CONFIRM",
              "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
            },
            {
              "name": "76273",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76273"
            },
            {
              "name": "USN-2721-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2721-1"
            },
            {
              "name": "1033215",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033215"
            },
            {
              "name": "APPLE-SA-2016-03-21-4",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html"
            },
            {
              "name": "GLSA-201610-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201610-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3187",
    "datePublished": "2015-08-12T14:00:00.000Z",
    "dateReserved": "2015-04-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:39:31.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2015-3187

Vulnerability from fkie_nvd - Published: 2015-08-12 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1633.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1742.html
secalert@redhat.com	http://subversion.apache.org/security/CVE-2015-3187-advisory.txt	Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2015/dsa-3331
secalert@redhat.com	http://www.securityfocus.com/bid/76273
secalert@redhat.com	http://www.securitytracker.com/id/1033215
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2721-1
secalert@redhat.com	https://security.gentoo.org/glsa/201610-05
secalert@redhat.com	https://support.apple.com/HT206172	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1633.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1742.html
af854a3a-2127-422b-91ae-364da2661108	http://subversion.apache.org/security/CVE-2015-3187-advisory.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3331
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76273
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033215
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2721-1
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201610-05
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT206172	Vendor Advisory

Impacted products

Vendor	Product	Version
apache	subversion	*
apache	subversion	1.8.1
apache	subversion	1.8.2
apache	subversion	1.8.3
apache	subversion	1.8.4
apache	subversion	1.8.5
apache	subversion	1.8.6
apache	subversion	1.8.7
apache	subversion	1.8.8
apache	subversion	1.8.9
apache	subversion	1.8.10
apache	subversion	1.8.11
apache	subversion	1.8.13
apple	xcode	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9158B9C3-7832-4D4F-B3CE-0E9CDDA4C9DF",
              "versionEndIncluding": "1.7.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A57A3347-6C48-4803-AB4E-A4BC0E6BFA41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "50D26799-D038-470A-A468-58DBDB64A7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3769BD6-B104-4F74-B8C4-89398A8894FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9757DD5E-42A6-44B8-9692-49690F60C8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B5A014-D4EE-4244-AABA-0873492F7295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9F8C2A-A94E-4D99-839B-47AAE8754191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D29A9E-DB23-4D86-B4A3-3C4F663416AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86AEE89-9F8E-43A5-A888-F421B10DB2C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D335628F-EC07-43BE-9B29-3365A6F64D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4EF7D71-3AAF-4112-831A-3538C5B82594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "89835508-F72F-4D8A-8E4A-5CFAA5F90C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A83933C-D270-4B9A-8D18-AC7302A5B86F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0E785D-FDCD-46DD-9BE9-049D6C1D6E1E",
              "versionEndIncluding": "7.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la funci\u00f3n svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorizaci\u00f3n basada en ruta, permite a usuarios remotos autenticados obtener informaci\u00f3n de ruta sensible leyendo el historial de un nodo que ha sido movido desde una ruta oculta."
    }
  ],
  "id": "CVE-2015-3187",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-12T14:59:12.150",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3331"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/76273"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1033215"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2721-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201610-05"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2721-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201610-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT206172"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-C79Q-H5WC-3724

Vulnerability from github – Published: 2022-05-17 02:38 – Updated: 2022-05-17 02:38

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-12T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.",
  "id": "GHSA-c79q-h5wc-3724",
  "modified": "2022-05-17T02:38:48Z",
  "published": "2022-05-17T02:38:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3187"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201610-05"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT206172"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html"
    },
    {
      "type": "WEB",
      "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3331"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76273"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033215"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2721-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2015-3187

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-3187

Aliases

CVE-2015-3187

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3187",
    "description": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.",
    "id": "GSD-2015-3187",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-3187.html",
      "https://www.debian.org/security/2015/dsa-3331",
      "https://access.redhat.com/errata/RHSA-2015:1742",
      "https://access.redhat.com/errata/RHSA-2015:1633",
      "https://ubuntu.com/security/CVE-2015-3187",
      "https://advisories.mageia.org/CVE-2015-3187.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2015-3187.html",
      "https://linux.oracle.com/cve/CVE-2015-3187.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3187"
      ],
      "details": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.",
      "id": "GSD-2015-3187",
      "modified": "2023-12-13T01:20:07.324606Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-3187",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2015:1742",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html"
          },
          {
            "name": "RHSA-2015:1633",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
          },
          {
            "name": "https://support.apple.com/HT206172",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT206172"
          },
          {
            "name": "DSA-3331",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3331"
          },
          {
            "name": "openSUSE-SU-2015:1401",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
          },
          {
            "name": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt",
            "refsource": "CONFIRM",
            "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
          },
          {
            "name": "76273",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/76273"
          },
          {
            "name": "USN-2721-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2721-1"
          },
          {
            "name": "1033215",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033215"
          },
          {
            "name": "APPLE-SA-2016-03-21-4",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html"
          },
          {
            "name": "GLSA-201610-05",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201610-05"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:subversion:1.8.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3187"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1033215",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033215"
            },
            {
              "name": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
            },
            {
              "name": "DSA-3331",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3331"
            },
            {
              "name": "openSUSE-SU-2015:1401",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html"
            },
            {
              "name": "RHSA-2015:1633",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
            },
            {
              "name": "https://support.apple.com/HT206172",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT206172"
            },
            {
              "name": "APPLE-SA-2016-03-21-4",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html"
            },
            {
              "name": "76273",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/76273"
            },
            {
              "name": "RHSA-2015:1742",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1742.html"
            },
            {
              "name": "USN-2721-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2721-1"
            },
            {
              "name": "GLSA-201610-05",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201610-05"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-01T01:29Z",
      "publishedDate": "2015-08-12T14:59Z"
    }
  }
}

CERTFR-2016-AVI-106

Vulnerability from certfr_avis - Published: 2016-03-22 - Updated: 2016-03-22

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	OS X Mavericks versions 10.9.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002
Apple	N/A	tvOS versions antérieures à 9.2 pour Apple TV (4ème génération)
Apple	N/A	OS X El Capitan 10.11.x versions antérieures à 10.11.4
Apple	N/A	iOS versions antérieures à 9.3 pour iPhones 4s, iPod touch (5ème génération), iPad 2 et leurs modèles respectifs plus récents
Apple	N/A	watchOS versions antérieures à 2.2
Apple	N/A	OS X Server versions antérieures à 5.1 pour OS X Yosemite versions 10.10.5 et ultérieures
Apple	N/A	Xcode versions antérieures à 7.3 pour OS X El Capitan versions 10.11 et ultérieures
Apple	N/A	OS X Yosemite versions 10.10.5 et antérieures n'intégrant pas le correctif de sécurité 2016-002
Apple	Safari	Safari versions antérieures à 9.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206173 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206169 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206168 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206171 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206166 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206172 du 21 mars 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206167 du 21 mars 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OS X Mavericks versions 10.9.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 9.2 pour Apple TV (4\u00e8me g\u00e9n\u00e9ration)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X El Capitan 10.11.x versions ant\u00e9rieures \u00e0 10.11.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 9.3 pour iPhones 4s, iPod touch (5\u00e8me g\u00e9n\u00e9ration), iPad 2 et leurs mod\u00e8les respectifs plus r\u00e9cents",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Server versions ant\u00e9rieures \u00e0 5.1 pour OS X Yosemite versions 10.10.5 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 7.3 pour OS X El Capitan versions 10.11 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "OS X Yosemite versions 10.10.5 et ant\u00e9rieures n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 2016-002",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 9.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1753"
    },
    {
      "name": "CVE-2016-1781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1781"
    },
    {
      "name": "CVE-2016-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1736"
    },
    {
      "name": "CVE-2016-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1750"
    },
    {
      "name": "CVE-2016-1779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1779"
    },
    {
      "name": "CVE-2016-1748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1748"
    },
    {
      "name": "CVE-2016-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1766"
    },
    {
      "name": "CVE-2016-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1758"
    },
    {
      "name": "CVE-2016-1735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1735"
    },
    {
      "name": "CVE-2016-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1763"
    },
    {
      "name": "CVE-2016-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1767"
    },
    {
      "name": "CVE-2016-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1720"
    },
    {
      "name": "CVE-2016-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1771"
    },
    {
      "name": "CVE-2016-1719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1719"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-1727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1727"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2015-3184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3184"
    },
    {
      "name": "CVE-2015-1819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1819"
    },
    {
      "name": "CVE-2016-0801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0801"
    },
    {
      "name": "CVE-2016-1950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1950"
    },
    {
      "name": "CVE-2016-1768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1768"
    },
    {
      "name": "CVE-2016-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0802"
    },
    {
      "name": "CVE-2016-1744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1744"
    },
    {
      "name": "CVE-2016-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1775"
    },
    {
      "name": "CVE-2016-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1787"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2016-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1788"
    },
    {
      "name": "CVE-2015-3187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3187"
    },
    {
      "name": "CVE-2016-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1786"
    },
    {
      "name": "CVE-2016-1717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1717"
    },
    {
      "name": "CVE-2015-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
    },
    {
      "name": "CVE-2016-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1776"
    },
    {
      "name": "CVE-2009-2197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2197"
    },
    {
      "name": "CVE-2016-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1785"
    },
    {
      "name": "CVE-2015-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
    },
    {
      "name": "CVE-2016-1755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1755"
    },
    {
      "name": "CVE-2016-1733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1733"
    },
    {
      "name": "CVE-2016-1772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1772"
    },
    {
      "name": "CVE-2016-1723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1723"
    },
    {
      "name": "CVE-2015-5312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
    },
    {
      "name": "CVE-2016-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1754"
    },
    {
      "name": "CVE-2016-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1783"
    },
    {
      "name": "CVE-2016-1756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1756"
    },
    {
      "name": "CVE-2016-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1745"
    },
    {
      "name": "CVE-2016-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1752"
    },
    {
      "name": "CVE-2014-9495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9495"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-7942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
    },
    {
      "name": "CVE-2015-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5333"
    },
    {
      "name": "CVE-2015-8126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8126"
    },
    {
      "name": "CVE-2016-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1725"
    },
    {
      "name": "CVE-2016-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1761"
    },
    {
      "name": "CVE-2015-8242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
    },
    {
      "name": "CVE-2016-1740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1740"
    },
    {
      "name": "CVE-2016-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1764"
    },
    {
      "name": "CVE-2016-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1757"
    },
    {
      "name": "CVE-2016-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1769"
    },
    {
      "name": "CVE-2016-1743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1743"
    },
    {
      "name": "CVE-2016-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1746"
    },
    {
      "name": "CVE-2016-1724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1724"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2015-8659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8659"
    },
    {
      "name": "CVE-2016-1770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1770"
    },
    {
      "name": "CVE-2016-1749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1749"
    },
    {
      "name": "CVE-2016-1732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1732"
    },
    {
      "name": "CVE-2016-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1773"
    },
    {
      "name": "CVE-2016-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1777"
    },
    {
      "name": "CVE-2016-1765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1765"
    },
    {
      "name": "CVE-2016-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1741"
    },
    {
      "name": "CVE-2016-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1737"
    },
    {
      "name": "CVE-2016-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1784"
    },
    {
      "name": "CVE-2016-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1759"
    },
    {
      "name": "CVE-2016-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1778"
    },
    {
      "name": "CVE-2015-5334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5334"
    },
    {
      "name": "CVE-2016-1722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1722"
    },
    {
      "name": "CVE-2015-0973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0973"
    },
    {
      "name": "CVE-2016-1738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1738"
    },
    {
      "name": "CVE-2016-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1747"
    },
    {
      "name": "CVE-2015-7551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7551"
    },
    {
      "name": "CVE-2016-1780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1780"
    },
    {
      "name": "CVE-2016-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1774"
    },
    {
      "name": "CVE-2016-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1721"
    },
    {
      "name": "CVE-2015-8472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8472"
    },
    {
      "name": "CVE-2016-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1782"
    },
    {
      "name": "CVE-2016-1726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1726"
    },
    {
      "name": "CVE-2016-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1751"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    },
    {
      "name": "CVE-2016-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1734"
    }
  ],
  "initial_release_date": "2016-03-22T00:00:00",
  "last_revision_date": "2016-03-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2016-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206173 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206173"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206169 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206169"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206168 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206168"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206171 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206171"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206166 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206166"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206172 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206172"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206167 du 21 mars 2016",
      "url": "https://support.apple.com/en-us/HT206167"
    }
  ]
}

CNVD-2015-05165

Vulnerability from cnvd - Published: 2015-08-10

Title

Apache Subversion路径名敏感信息泄露漏洞

Description

Apache Subversion是一款自由/开源版本控制系统。 Apache Subversion svn_repos_trace_node_locations()存在安全漏洞，允许远程通过验证的用户查看authz隐藏的路径名。

Severity

中

Patch Name

Apache Subversion路径名敏感信息泄露漏洞的补丁

Patch Description

Apache Subversion是一款自由/开源版本控制系统。Apache Subversion svn_repos_trace_node_locations()存在安全漏洞，允许远程通过验证的用户查看authz隐藏的路径名。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

Reference

http://subversion.apache.org/security/CVE-2015-3184-advisory.txt

Impacted products

Name
Apache Subversion

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3187"
    }
  },
  "description": "Apache Subversion\u662f\u4e00\u6b3e\u81ea\u7531/\u5f00\u6e90\u7248\u672c\u63a7\u5236\u7cfb\u7edf\u3002\r\n\r\nApache Subversion svn_repos_trace_node_locations()\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u901a\u8fc7\u9a8c\u8bc1\u7684\u7528\u6237\u67e5\u770bauthz\u9690\u85cf\u7684\u8def\u5f84\u540d\u3002",
  "discovererName": "Apache",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://subversion.apache.org/security/CVE-2015-3184-advisory.txt",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-05165",
  "openTime": "2015-08-10",
  "patchDescription": "Apache Subversion\u662f\u4e00\u6b3e\u81ea\u7531/\u5f00\u6e90\u7248\u672c\u63a7\u5236\u7cfb\u7edf\u3002Apache Subversion svn_repos_trace_node_locations()\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u901a\u8fc7\u9a8c\u8bc1\u7684\u7528\u6237\u67e5\u770bauthz\u9690\u85cf\u7684\u8def\u5f84\u540d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Subversion\u8def\u5f84\u540d\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Subversion"
  },
  "referenceLink": "http://subversion.apache.org/security/CVE-2015-3184-advisory.txt",
  "serverity": "\u4e2d",
  "submitTime": "2015-08-08",
  "title": "Apache Subversion\u8def\u5f84\u540d\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3187 (GCVE-0-2015-3187)

FKIE_CVE-2015-3187

GHSA-C79Q-H5WC-3724

GSD-2015-3187

CERTFR-2016-AVI-106

Solution

CNVD-2015-05165

Tags

Sightings

Nomenclature